GOOGLE CHROME ZERO-DAY VULNERABILITY
Exploitation of Zero-day
Google has recently taken prompt security measures by releasing a security update for its Chrome web browser, aiming to fix the third zero-day vulnerability of this year that hackers have exploited.
The third Chrome zero-day vulnerability that was fixed recently by Google has been tracked as “CVE-2023-3079.”
Exploitation of Zero-day
Detailed information regarding the exploit and its application in attacks has not been disclosed by the company, with the focus limited to highlighting the severity of the flaw and its classification.
In the event of discovering a new security flaw, Google always follows its traditional protocol of not disclosing any technical information or data related to the flaw.
This action aims to ensure users’ protection until a significant portion of them have successfully migrated to the secure version.
Not only that even this approach also restricts malicious actors from exploiting the disclosed information to create additional exploits.
Google’s researcher, Clément Lecigne, uncovered CVE-2023-3079 on June 1, 2023, marking it as a high-severity vulnerability.
This flaw resides in V8, Chrome’s JavaScript engine that is responsible for the interpretation and execution of code in the browser.
Type confusion bugs occur when the engine incorrectly identifies the object’s type at runtime, which can result in dangerous manipulation of memory and the execution of arbitrary code.
These bugs pose a serious threat as they can enable malicious activities and compromise system security by exploiting the engine’s misinterpretation of object types.
Chrome Stable Channel Update
Sophisticated state-sponsored threat actors frequently exploit zero-day vulnerabilities, specifically targeting influential individuals in several critical organizations.
So, to ensure the utmost security, it is highly advised that Chrome users promptly update their vulnerable version of Chrome.
Taking immediate action to update your browser will help safeguard against potential attacks and protect against potential risks.
Over the upcoming days/weeks, the 114.0.5735.106 update for Mac and Linux and the 114.0.5735.110 update for Windows will be gradually rolled out to the Stable and extended stable channels.
Update Chrome
Here below we have mentioned the simple steps to update your Chrome browser:-
Firstly You Have To Open The Chrome Browser On Your Computer.
Then You Have To Open The Browser Window’s Chrome Settings Menu In The Upper Right Corner (Three Vertically Aligned Dots).
Now You Have To Click On The Settings Menu To Open The Drop-Down Menu.
Then Select The “Help” Option.
Now, In The “Help” Submenu, Click On “About Google Chrome”.
That’s It, Now If An Update Is Available, Chrome Will Automatically Start Downloading And Installing It.
Once The Update Is Finished, Relaunch Google Chrome To Ensure The Latest Version Is Applied.
Affected Versions
Google Chrome versions before 117.0.5938.132 are affected by this vulnerability.
Mitigation
Customers are requested to upgrade to the latest stable channel version, 117.0.5938.132, for Windows, Mac, and Linux.
Microsoft has released the Microsoft Edge Stable (Version 117.0.2045.47) and Extended Stable Channel (Version 116.0.1938.98) to address CVE-2023-5217, which the Chromium team has reported as being exploited in the wild.
Qualys Detection
Qualys customers can scan their devices with QIDs 378549 and 378911 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
Google has made an update related to CVE-2023-4863 by providing a new identifier for this vulnerability, CVE-2023-5129. However, specifically for Google Chrome, this vulnerability is tracked as CVE-2023-4863.
CVE-2023-5217 is a heap buffer overflow vulnerability in VP8 compression format in libvpx. Libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia).
CVE-2023-5186 is a use after free vulnerability existing in Passwords.
CVE-2023-5187 is a use after free vulnerability in Extensions.
About the Creator
ITCTRLS Digisol LLP
ITCTRLS is a digital Marketing agency in Hyderabad, dealing in domain registration, hosting, web design, digital marketing, graphic design & branding
Keep reading
More stories from ITCTRLS Digisol LLP and writers in Journal and other communities.
Cyber Security Awareness
Cyber Security is the act of securing frameworks, organizations, and projects from digital assaults. These cyber-attacks are generally pointed toward getting to, changing, or annihilating touchy data; blackmailing cash from clients; or intruding on ordinary business measures.
By ITCTRLS Digisol LLP5 months ago in Journal
When the Robots Took My Job
This is for RM Stockton's Write Club prompt for the month of April: AI Please allow me to vent. For "college," I went to a scam school that is now closed. We were promised internships that were never spoken of again after admissions, and we were promised help finding jobs. The first time I went to the career counselor's office, she was completely frazzled. She had no idea what to do with us, the film majors. The second time I visited her office, I let her know that I'd found myself a job, and she was visibly relieved.
By Rebekah Conard5 days ago in Journal
Nigerians No Longer Being Blamed For All of Ghana's Issues Black Americans Are & Another Black American Murdered in Ghana
Thursday, 25 April 2024 By: TB Obwoge I remember telling my Kenyan friend about not being able to go any where in the country for longer distances without a heavily armed Ghana police officer on the bus. He said to me, "that's so 1980's, in Kenya we no longer need that!" I laughed because having lived in Kenya it was never something I saw or experienced.
By IwriteMywrongsabout 18 hours ago in Journal
Two Pink Lines
I had never really felt like a child. I'd always had to raise myself. My mother was just a teenager when she'd had me and consequently, we had spent my whole childhood arguing and fighting like a couple of sisters as opposed to mother and daughter. My father was older than my mother but still had some maturing to do himself. He focused his entire life on me, his little girl but never realized the pressure that put on me. I always felt I had to raise him even as he was trying to raise me. We raised each other. Then, I met him. He cares, he shows me a love like I've never known. For once, it's about me and I don't have to focus on other people's needs and what someone needs from me. Someone always wants something from you. That is what my parents have taught me. Love is selfish but it isn't with him. He is perfect, beautiful, funny, and can take me to places I've only dreamed about. Places outside my mind and my own pathetic life and I know that I will always love him. When we first met, I wanted him to have my children, but now? Right now, with us both still in high school? This is all happening so soon. I slipped into the restroom at work. It had been 6 weeks since my last menstrual and this was not normal. I couldn't wait any longer. I put the top on the test and waited. These 60 seconds felt like forever. What would we do? We were both seniors so we didn't have long to go before school was over but this was not the plan. The plan was for him to join the Army and me the National Guard and for me to get my associate's degree and then we marry, then have kids.
By Lindsey Altom5 days ago in Fiction
Comments
There are no comments for this story
Be the first to respond and start the conversation.